Deploying an Annotation Server
How to deploy a Potato annotation server for a real study, authentication options, HTTPS, and production setup with Docker or a reverse proxy.
Running an annotation study for real means moving Potato off your laptop and onto a server annotators can reach, with the right login method and HTTPS so credentials and data are protected. This guide covers the deployment choices; for step-by-step setup see Local Development and the deployment section.
Choose an authentication method
Match the login to your annotator population:
- Passwordless: annotators enter just a username. Fine for trusted internal teams or crowd studies where the platform already identified the worker. See Passwordless Login.
- Passwords: a managed user list, for a fixed set of named annotators.
- OAuth / SSO: sign in with Google or GitHub, or your institution's single sign-on. Best for larger or institutional deployments.
Put it behind HTTPS
Any real deployment should serve over HTTPS so usernames, answers, and any personal data are encrypted in transit. The usual pattern is a reverse proxy such as nginx terminating TLS in front of Potato, or a hosting platform that handles TLS for you.
A typical production stack
- Potato running under a production server process.
- nginx (or similar) as a reverse proxy handling TLS and static assets.
- Docker to package it reproducibly, if you containerize.
- A public DNS name with a certificate (Let's Encrypt is free).
Pilot the exact config locally first, then deploy the same config, the only things that change are the URL, auth, and TLS.
Operating the study
- Watch progress, throughput, and agreement in the admin dashboard.
- Back up the output directory regularly; annotations are written there.
- For crowd studies, see Running a Study on Prolific and MTurk.